Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231222-en locale:en-us os:windows10-2004-x64 system
  • submitted
    08/01/2024, 03:42

General

  • Target

    4a588e938d447df4d0cd9b26d791a724.exe

  • Size

    1.9MB

  • MD5

    4a588e938d447df4d0cd9b26d791a724

  • SHA1

    20aea6284729fd9680be5b944ab8cb9f3a4c70f2

  • SHA256

    b5b9137fa9ea5cef7233830411dcc95d949b804d07203c3b834081052cd587a3

  • SHA512

    6505878f8f1996df5e5f8d6d9f7d250df934d40119fac25a40095ab5cde24817aa5f67ee3e224db12603a2e60441848145abd95bcfedd774d59713309bb3cbe9

  • SSDEEP

    49152:Qoa1taC070dNtPltRVS9wChgsHX8N32Jvj57zvJO7a6:Qoa1taC0klTY9lisHJ5j57zxO3

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe
    "C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3512
    • C:\Users\Admin\AppData\Local\Temp\5AE1.tmp
      "C:\Users\Admin\AppData\Local\Temp\5AE1.tmp" --splashC:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe 9D8FF65A8EF46CE70B4F77BF468A322841F7A180632BDF97050705BA2DA0C0B218F203EBF73F1FDD0339A50E26D8247D230A6D34CE1405F4668755C1A67129BA
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:2188
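The process tree above is the whole story of this run: the submitted sample (PID 3512) writes 5AE1.tmp into the user's Temp directory, launches it with its own path glued onto a --splash argument plus a long hex blob, calls WriteProcessMemory, and the dropped stage then deletes the parent. Note that the memory dumps listed under Downloads cover the same 0x400000-0x5E6000 region (1.9MB, the parent's size) in both PIDs, while the dropped .tmp itself is captured at 442KB and 297KB. The following is an added detection example, not part of the sandbox report or the sample: it runs a few indicator checks over Sysmon-style process-creation records and matches file hashes against the SHA256 values the report lists. The event records are constructed from the Processes section (field names follow Sysmon Event ID 1; the benign notepad.exe event is invented as a control), and the indicator names and `triage` threshold are this example's own.

```python
"""Added example: flag the dropper pattern from this report in Sysmon-style
process-creation events and match file hashes against the report's IoCs.
The sample events below are constructed from the Processes section of the
report (plus one invented benign control); they are not real logs."""
import hashlib
import ntpath
import re

# SHA256 values listed in the report: the parent sample and both captured
# stages of the dropped 5AE1.tmp.
IOC_SHA256 = {
    "b5b9137fa9ea5cef7233830411dcc95d949b804d07203c3b834081052cd587a3",  # 4a588e...exe
    "7c836caeab9a4d11101036585ba78cc63ef0bc2f0dd4064c4d80bd761ff693c7",  # 5AE1.tmp, 442KB
    "712c3eb0c4f96e217ea0b432822e0de98a19e1c92a6df639eb455bdc0512235b",  # 5AE1.tmp, 297KB
}

TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
HEX_BLOB_RE = re.compile(r"\b[0-9A-Fa-f]{64,}\b")   # the 128-hex-char argument


def is_in_user_temp(path: str) -> bool:
    return bool(TEMP_RE.search(path))


def classify_process_event(ev: dict) -> list[str]:
    """Return the indicator names matched by one process-create record.

    ev carries Sysmon EID 1 style fields: Image, ParentImage, CommandLine,
    and optionally Hashes["SHA256"]. Indicator names are this example's own."""
    hits = []
    image, parent, cmd = ev["Image"], ev["ParentImage"], ev["CommandLine"]
    if ntpath.splitext(image)[1].lower() == ".tmp" and is_in_user_temp(image):
        hits.append("tmp_file_executed_from_temp")
    if is_in_user_temp(parent) and is_in_user_temp(image):
        hits.append("temp_parent_spawns_temp_child")
    # The dropped stage receives "--splash<path of the parent exe>": the parent
    # hands over its own location, which is what the child needs to delete it.
    parent_name = ntpath.basename(parent).lower()
    if "--splash" in cmd.lower() and parent_name in cmd.lower():
        hits.append("splash_arg_carries_parent_path")
    if HEX_BLOB_RE.search(cmd):
        hits.append("long_hex_blob_argument")
    if ev.get("Hashes", {}).get("SHA256", "").lower() in IOC_SHA256:
        hits.append("sha256_matches_report_ioc")
    return hits


def sha256_of_bytes(data: bytes) -> str:
    """Hash a local file's bytes for comparison against IOC_SHA256."""
    return hashlib.sha256(data).hexdigest()


# Constructed records modelled on the report's tree (PID 3512 -> PID 2188),
# plus an invented benign launch that touches no Temp path.
SAMPLE_EVENTS = [
    {
        "ProcessId": 3512,
        "Image": r"C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r'"C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe"',
        "Hashes": {"SHA256": "b5b9137fa9ea5cef7233830411dcc95d949b804d07203c3b834081052cd587a3"},
    },
    {
        "ProcessId": 2188,
        "Image": r"C:\Users\Admin\AppData\Local\Temp\5AE1.tmp",
        "ParentImage": r"C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe",
        "CommandLine": (r'"C:\Users\Admin\AppData\Local\Temp\5AE1.tmp" --splash'
                        r'C:\Users\Admin\AppData\Local\Temp\4a588e938d447df4d0cd9b26d791a724.exe '
                        '9D8FF65A8EF46CE70B4F77BF468A322841F7A180632BDF97050705BA2DA0C0B2'
                        '18F203EBF73F1FDD0339A50E26D8247D230A6D34CE1405F4668755C1A67129BA'),
        "Hashes": {"SHA256": "7c836caeab9a4d11101036585ba78cc63ef0bc2f0dd4064c4d80bd761ff693c7"},
    },
    {   # benign control (constructed): no Temp path, no --splash, unknown hash
        "ProcessId": 4100,
        "Image": r"C:\Windows\System32\notepad.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": r'"C:\Windows\System32\notepad.exe" C:\Users\Admin\notes.txt',
        "Hashes": {"SHA256": "0" * 64},
    },
]


def triage(events=SAMPLE_EVENTS, min_hits=1):
    """Map ProcessId -> matched indicators for records with >= min_hits hits."""
    result = {}
    for ev in events:
        hits = classify_process_event(ev)
        if len(hits) >= min_hits:
            result[ev["ProcessId"]] = hits
    return result


if __name__ == "__main__":
    for pid, hits in triage().items():
        print(pid, hits)
```

The parent only trips the hash check, which is the fragile one: a repacked build changes every hash but keeps the Temp-to-Temp .tmp launch and the --splash argument, so the behavioural indicators on PID 2188 are the ones worth keeping in a rule.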

Network

MITRE ATT&CK Matrix


Downloads

  • C:\Users\Admin\AppData\Local\Temp\5AE1.tmp

    Filesize

    442KB

    MD5

    6df0f7cf012ad33d55cf2b5d523272e7

    SHA1

    8a738ecf83d54ba34da4cac4b55de877a1b83e2c

    SHA256

    7c836caeab9a4d11101036585ba78cc63ef0bc2f0dd4064c4d80bd761ff693c7

    SHA512

    9119ff594efc354498fa3358ba5c7c65049b225747f3fe66c2bb7d1016ad94e78d3a77c113f689a7684c3c82dc63fbeaed4845e4c07320d71c1e3c53939bd2d8

  • C:\Users\Admin\AppData\Local\Temp\5AE1.tmp

    Filesize

    297KB

    MD5

    5a8dd5c213cc3db013821cbabeabe2d9

    SHA1

    421295ff5295035e9fab52cbe52e02eb96d24e6b

    SHA256

    712c3eb0c4f96e217ea0b432822e0de98a19e1c92a6df639eb455bdc0512235b

    SHA512

    4825e4c33999cbca13b68d53ad20cb54855e4bfeb97424003e54b9501e537b6949dcfea978a6d5a19b23089a1b5c8474f3d898ae305b6bd361b81f782d3b2ef6

  • memory/2188-5-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB

  • memory/3512-0-0x0000000000400000-0x00000000005E6000-memory.dmp

    Filesize

    1.9MB